From 9225a4550abebd26ff3642d8f5ed4f96b2e4bff7 Mon Sep 17 00:00:00 2001
From: Matthias Schiffer <mschiffer@universe-factory.net>
Date: Sun, 31 Aug 2014 16:21:24 +0200
Subject: Replace memcmp with a constant-time version in some places

---
 src/sha256.c | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

(limited to 'src/sha256.c')

diff --git a/src/sha256.c b/src/sha256.c
index 3d6401f..2e9a7a7 100644
--- a/src/sha256.c
+++ b/src/sha256.c
@@ -31,6 +31,7 @@
 
 
 #include "sha256.h"
+#include "crypto.h"
 
 #include <stdarg.h>
 #include <string.h>
@@ -261,7 +262,7 @@ bool fastd_hmacsha256_blocks_verify(const uint8_t mac[FASTD_SHA256_HASH_BYTES],
 	hmacsha256_blocks_va(&out, key, ap);
 	va_end(ap);
 
-	return !memcmp(out.b, mac, FASTD_SHA256_HASH_BYTES);
+	return secure_memequal(out.b, mac, FASTD_SHA256_HASH_BYTES);
 }
 
 /** Computes the HMAC-SHA256 of an arbitraty input buffer */
@@ -280,5 +281,5 @@ bool fastd_hmacsha256_verify(const uint8_t mac[FASTD_SHA256_HASH_BYTES], const u
 	fastd_sha256_t out;
 
 	fastd_hmacsha256(&out, key, in, len);
-	return !memcmp(out.b, mac, FASTD_SHA256_HASH_BYTES);
+	return secure_memequal(out.b, mac, FASTD_SHA256_HASH_BYTES);
 }
-- 
cgit v1.2.3